dix: Allow zero-height PutImage requests
The length checking code validates PutImage height and byte width by making sure that byte-width >= INT32_MAX / height. If height is zero, this generates a divide by zero exception. Allow zero height requests explicitly, bypassing the INT32_MAX check. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
This commit is contained in:
parent
924996c41c
commit
dc777c346d
|
@ -2000,7 +2000,7 @@ ProcPutImage(ClientPtr client)
|
|||
tmpImage = (char *) &stuff[1];
|
||||
lengthProto = length;
|
||||
|
||||
if (lengthProto >= (INT32_MAX / stuff->height))
|
||||
if (stuff->height != 0 && lengthProto >= (INT32_MAX / stuff->height))
|
||||
return BadLength;
|
||||
|
||||
if ((bytes_to_int32(lengthProto * stuff->height) +
|
||||
|
|
Loading…
Reference in New Issue
Block a user